A French cyber expert alleged that the data shared on the Congress’ official application is vulnerable to breaches. The app’s server is in Singapore.

The Congress on Monday removed its official mobile phone application from Google Play Store after the Bharatiya Janata Party accused the party of sharing the data of people who visit its website with “practically anyone”.

Over the past few weeks, the safety of user data has come under the scanner following reports that British firm Cambridge Analytica used the private data of more than five crore Facebook users to influence voters during Donald Trump’s 2016 election campaign, and in several other polls around the world. Ever since, the Congress and BJP have been accusing each other of using the services of the British firm.

In a series of tweets on Monday, the head of the BJP’s information technology cell, Amit Malviya, posted screenshots of the privacy policy of the Congress’ website. Malviya also accused party President Rahul Gandhi of sharing user data from the official Congress application with “friends in Singapore”.

Malviya’s comments came after Gandhi criticised the government after a French cyber security expert alleged that the Narendra Modi Android application shared its users’ private information with companies without their consent.

Gandhi had mocked the prime minister in a tweet saying, “Hi! My name is Narendra Modi. I am India’s Prime Minister. When you sign up for my official App, I give all your data to my friends in American companies.”

Hi! My name is Narendra Modi. I am India's Prime Minister. When you sign up for my official App, I give all your data to my friends in American companies.

Ps. Thanks mainstream media, you're doing a great job of burying this critical story, as always.https://t.co/IZYzkuH1ZH

On Sunday, Malviya said the data from the app is shared with a “third party service” for analytics, but it is in “no way stored or used by the third party services”.

On Monday, in a tweet worded just like Gandhi’s, he accused the Congress of sharing user information with Singapore. Malviya based his claims on new allegations against the official Congress Android application by the same French cyber expert, who goes by the name Elliot Alderson on Twitter.

Hi! My name is Rahul Gandhi. I am the President of India’s oldest political party. When you sign up for our official App, I give all your data to my friends in Singapore. pic.twitter.com/ceCTkod17D

Malviya also highlighted parts from the Congress’ privacy policy note that talks about how user data is shared. “When Congress says they will share your data with like-minded groups, the implications are grave,” he said. “From Maoists, stone pelters, Bharat Ke Tukde Gang, Chinese embassy to globally ‘renowned’ orgs [organisations] like Cambridge Analytica, the field is extensive and wide open.”

Full marks to @INCIndia for stating upfront that they'll give your data to **practically anyone** - undisclosed vendors, unknown volunteers, even 'groups with similar causes'. In theft of all forms, Congress has never been discreet! pic.twitter.com/FCSIv6nPMn

Allegations against the INC app

Meanwhile, Alderson posted a series of tweets on Monday morning about how data shared on the Congress party’s official app is vulnerable to breaches.

He pointed out that personal data of users is encoded using Hyper Text Transfer Protocol, or HTTP, instead of the more secure HTTPs. He said the application was using a poor encryption system that makes data mining easier. And, finally, that the app’s server is in Singapore, which would make any data entered by the user subject to Singaporean laws.